Security News > 2021 > May > Qualcomm vulnerability impacts nearly 40% of all mobile phones
A high severity security vulnerability found in Qualcomm's Mobile Station Modem chips could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations.
Qualcomm MSM is a series of 2G, 3G, 4G, and 5G capable system on chips used in roughly 40% of mobile phones by multiple vendors, including Samsung, Google, LG, OnePlus, and Xiaomi.
"Going forward, our research can hopefully open the door for other security researchers to assist Qualcomm and other vendors to create better and more secure chips, helping us foster better online protection and security for everyone."
Check Point disclosed their findings to Qualcomm in October, who later confirmed their research, rated the security bug as a high severity vulnerability and notified the relevant vendors.
After receiving Check Point's report, Qualcomm developed security updates to address the CVE-2020-11292 security issue and made them available to all impacted vendors two months later, in December 2020.
KrØØk, a security flaw that can be used to decrypt some WPA2-encrypted wireless network packets, was also fixed by Qualcomm in July 2020.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2020-11292 | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |